We replied to the email about doing this but there’s been no response for ten days. Is there some way we can speak to someone about our specific scenario and what we propose to build? I can’t help but feel that I’m misunderstanding the requirements here because no other OAuth provider has required this.
The two main concerns are:
- Our app allows for a user to be logged in to multiple (E.g. Facebook, Instagram, SoundCloud, Twitter, etc) different accounts. Just because they revoke Twitch access doesn’t mean they would want to be logged out of our system entirely.
- It seems very strange that we need to continually validate tokens. Would they not simply stop working when the user revokes access?